BAHNO Audit – FAQs

As site leads gather local approvals, a number of questions will be asked by the various departments before approval is granted.  Many of these questions may be relevant to other sites.  This page will detail our responses so others may utilise the information if required:


Who is the data being shared with:

Integrate is the national ENT trainee led research collaborative organisation (, it is formed of trainees enrolled on the national training programme in otolaryngology which is run by the Joint Committee on Surgical Training. Integrate has the backing of ENT-UK (, the national body for ENT surgeons in the UK. This particular project is being delivered by Integrate on behalf of the British Association of Head and Neck Oncologists ( The steering committee for the project are Matthew Ellis (ENT registrar),  John Hardman (ENT Registrar), Maha Khan (ENT Registrar), Matthew Smith (ENT registrar), Kishan Ubayasiri (ENT registrar), Richard Williams (ENT registrar) and Hisham Mehanna (Professor of ENT Surgery). For a previous project (The National Epistaxis Audit 2016) Integrate used the UCL services for data storage but Integrate is not affiliated with University College London and UCL is not involved with the Head and Neck Cancer Surveillance audit.

Patient anonymisation:

To aid patient anonymisation, the audit response form will not include the absolute date of the clinic appointment. ​The data collected locally will remain available to the collaborator until they destroy it at a time agreed between them and their local clinical governance department. This is intended to facilitate local reaudit once the national audit has been completed.

Data storage:

The list of patient names and anonymous ID will be stored locally by the collaborator. Collaborators are required to store data securely in line with national General Data Processing Regulation and local procedures set out by clinical governance departments, the exact arrangements for local storage of the anonymised data and patient list are the responsibility of the collaborator. It is anticipated that this would be in the form of a password protected document on a non-networked drive of an NHS computer. If the document is recorded on paper this would be stored securely in a locked location which is known to the clinical governance department. The lead NHS trust for the project is Birmingham NHS Foundation Trust and all anonymised national data will be collected and stored securely on the NHS trust computers there. Once the anonymised audit data has been submitted to the lead NHS trust, the local data will be destroyed unless the collaborator has made a specific application with their local clinical governance department to store the data for a longer period for the purpose of local reaudit. The anonymised data will be stored for two years.

Data transfer:

The paper clinic audit proforma will not be submitted to the steering committee of the national audit. It is intended to be used as a clinical document and stored in the patient notes. Where this is impractical (e.g. in the case of e-notes etc) or the proforma is not accepted for use by the trust healthcare records committee, the document will be utilised for audit purposes only.  If this is the case a method of appropriate document storage will be agreed with the host trust’s governance department.

Anonymised data will be extracted from the audit proforma and recorded in an MS Excel spreadsheet. A locked template will be distributed to collaborators prior to the data collection period. All fields in the document will be locked to only allow entry of the clinical data via prepopulated selection boxes. Collaborators will be given instructions how to encrypt the file before sending it by email from an address to the audit specific address ( at the lead NHS trust.

IG Toolkit:

Integrate is registered with the Information Commissioner’s office as we maintain a list of collaborators with their contact details however no anonymised clinical data is stored on any Integrate server. All anonymised clinical data is stored on the computers at the lead NHS trust, the project will be registered at that trust to host the data which is compliant with the IG toolkit and data regulations.

Sharing of data:

The anonymised findings of the national audit will be presented at national academic conferences and will be submitted for publication in the academic literature. Audit findings at the national level will be disseminated to collaborators at each regional site to allow them to make local presentations. It is not intended for any data to be shared with any other organisations. If any individual collaborator intends to make use of their local data in any other way then they would need to apply to their local clinical governance department prior to doing so.

Email issues:

During the preparation and audit window we will be sending e-mail updates from INTEGRATE.  It you do not seem to be receiving these please:

– Ensure you have validated your e-mail as part of the process of registering

– Check your spam to ensure the e-mails are not being filtered

– If you’re still struggling, let us know and we’ll investigate further.

Audit Clinic Proforma clarification:

To clarify, the proforma is there to optimise data collection.  It is not designed to provide data for all fields in the audit response form.  Other elements will be extracted from the wider hospital notes.

Cutaneous malignancy:

The follow up of cutaneous head and neck malignancy is not included in the audit.

Alcohol clinic proforma data field:

The ‘current’ data field should be ticked if the patient is actively drinking alcohol regardless of extent (i.e. yes or no)

Consent or consent exemption:

There are no plans to formally consent individuals for their involvement within this audit.  The basis for this being that clinical audit is considered an integral and thus essential part of direct patient care.  It is anticipated that all trusts planning to be involved within the audit produce generic patient information regarding what they use personal information for, which should include its use in clinical audit.  It is for local consideration to decide whether this is indeed the case.   Section 60 of the Health and Social Care Act 2001 which currently provides an interim power to ensure that patient identifiable information, needed to support a range of important work such as clinical audit, record validation and research, can be used without the consent of patients.  However, in this case all data will not patient identifiable, it was felt that the practicalities of seeking consent from all patients involved in the audit would significantly denude the comprehensiveness of data collected.  Patient information posters have been produced and will be distributed to all audit sites for display in all relevant patient waiting areas during the audit window.  This will explain in lay terms the aims and methodology of the audit, as well as clearly stating the ability of patients to opt-out of having their anonymous data used in this audit.

Legal basis for sharing data:

The legal basis for sharing data in this project is based on ‘implied powers’ from the National Health Service Act 2006, section 82, this places a duty on NHS bodies and local authorities to co-operate with one another in order to secure and advance the welfare of the people of England and Wales.

What does the ICO say about the audit?

We cannot offer an opinion on the suitability of your proposals, however it would appear that the information to be gathered will be anonymous.

The Data Protection Act (DPA) is concerned with the processing of personal data which will identify a living individual. Therefore if an individual cannot be identified from the information then this will not come under the DPA. 

It is for the data controller to determine whether sufficient steps have been taken to ensure the anonymity of the data they are using.

Where will the data be stored and when will it be deleted?

The data will be stored under ‘My documents’ under the login of Kishan Ubayasiri (ENT Fellow) on the hospital computer in the doctor’s office of Ward 408, Queen Elizabeth Hospital, Birmingham. The ward requires swipe access to enter. The data will not be stored on the C drive and will only be visible under the login of Kishan Ubayasiri.
After deletion of the files after a period of no more than 2 years, the Recycle Bin will also be emptied.